Pleroma install in FreeBSD jail

1. Bootstrap new pleroma jail

I usually build the FreeBSD stable branch a few times a year and keep a snapshot. This allows me to quickly zfs clone it to bootstrap a fresh jail.

zfs clone rpool/poudriere/stable/12/dist-nokern-20200806@20200806 rpool/jail/pleroma

Add a new entry for it in /etc/jail.conf:

# PostgreSQL needs allow.sysvipc = 1;
pleroma  { ip4.addr = vlan2|192.168.X.X; allow.sysvipc = 1; }

Start the jail, enter it, and bootstrap pkg

/etc/rc.d/jail start pleroma
jexec pleroma sh
pkg

2. Prepare jail packages

Install the required packages in the jail and start PostgreSQL:

# Joe is my preferred editor and I'll use bash as Pleroma service shell
pkg install bash joe git-lite cmake gcc gmake elixir postgresql12-server postgresql12-contrib sudo
sysrc postgresql_enable=YES
/usr/local/etc/rc.d/postgresql initdb
# Change PostgreSQL conf to enable password auth
joe /var/db/postgres/data12/pg_hba.conf
# host    all             all             127.0.0.1/32     password
# host    all             all             192.168.X.X/32   password
/usr/local/etc/rc.d/postgresql start
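
An added example, not part of the original post: the password method enabled in pg_hba.conf above sends the database password in cleartext, so this sh function grades each active rule by how the credential travels. The sample rules are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Sample rules are constructed;
# 192.0.2.x stands in for the elided 192.168.X.X addresses.
sample_hba() {
cat <<'EOF'
# TYPE  DATABASE USER    ADDRESS                  METHOD
local   all      all                              peer
host    all      all     127.0.0.1/32             password
host    all      all     192.0.2.10/32            password
host    all      all     192.0.2.0 255.255.255.0  md5
hostssl all      all     192.0.2.20/32            password
host    pleroma  pleroma 192.0.2.10/32            scram-sha-256
EOF
}

# audit_hba [FILE]: prints "LEVEL line N: type address method (reason)"
# per rule; reads stdin without FILE. Exit status 1 if any rule is FAIL.
audit_hba() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                 # blank lines, comments
    {
        if ($1 == "local")    { addr = "unix-socket"; m = 4 }
        else if ($5 ~ /[.:]/) { addr = $4 "/" $5;     m = 6 }  # netmask column
        else                  { addr = $4;            m = 5 }
        method = $m
        loop = ($1 == "local" || addr ~ /^127\./ || addr ~ /^::1/)
        if (method == "trust") {
            level = "FAIL"; why = "no authentication at all"
        } else if (method == "password" && $1 == "hostssl") {
            level = "OK";   why = "cleartext password, but inside TLS"
        } else if (method == "password" && loop) {
            level = "WARN"; why = "cleartext password, loopback only"
        } else if (method == "password") {
            level = "FAIL"; why = "cleartext password on the network"
        } else if (method == "md5") {
            level = "WARN"; why = "MD5 challenge; prefer scram-sha-256"
        } else if (method ~ /^(scram-sha-256|peer|cert|reject)$/) {
            level = "OK";   why = "no cleartext password sent"
        } else {
            level = "INFO"; why = "not graded by this example"
        }
        printf "%s line %d: %s %s %s (%s)\n", level, NR, $1, addr, method, why
        if (level == "FAIL") bad = 1
    }
    END { exit bad + 0 }' "${1:--}"
}

# Demo on the constructed sample; for a real file: audit_hba /path/to/pg_hba.conf
sample_hba | audit_hba || true
```

On PostgreSQL 12, switching a rule to scram-sha-256 also requires password_encryption = scram-sha-256 in postgresql.conf and resetting the role's password, because the default stores MD5 hashes.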

3. Install Pleroma from source

Prepare service account

NAME=pleroma ID=1244 && pw groupadd -n $NAME -g $ID && pw useradd -n $NAME -g $NAME -u $ID -s /usr/local/bin/bash -c "Pleroma User" -w no -m -d /home/pleroma
# optional, install preferred joe editor and bash settings to pleroma user
cp .joerc .bashrc /home/pleroma/ && chown pleroma:pleroma /home/pleroma/.bashrc /home/pleroma/.joerc
# this account needs UTF-8 locale
echo "export LANG=en_US.UTF-8" >>/home/pleroma/.bashrc
echo "export CHARSET=UTF-8" >>/home/pleroma/.bashrc
echo "export LC_ALL=en_US.UTF-8" >>/home/pleroma/.bashrc
# check locale is correct
su pleroma
locale

Install Pleroma from source, generate configuration

su pleroma
cd
git clone -b stable https://git.pleroma.social/pleroma/pleroma.git
cd pleroma
MAKE=gmake CC=gcc mix deps.get
MAKE=gmake CC=gcc mix pleroma.instance gen
mv config/generated_config.exs config/prod.secret.exs
chmod 600 config/setup_db.psql config/prod.secret.exs
exit
su postgres -c "psql -f /home/pleroma/pleroma/config/setup_db.psql"

Start Pleroma for the first time

# Run the database migrations. You will need to do this whenever you update with git pull:
su pleroma
cd ~/pleroma
MAKE=gmake CC=gcc MIX_ENV=prod mix ecto.migrate
# run server
MAKE=gmake CC=gcc MIX_ENV=prod mix phx.server
# create user
MAKE=gmake CC=gcc MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress> --admin

Enable Pleroma as service in jail

As of 2020-08-30, the new Pleroma version 2.1 comes with a FreeBSD rc startup script (see Pleroma Documentation - Installing on FreeBSD). Install it as the root user in the jail:

install /home/pleroma/pleroma/installation/freebsd/rc.d/pleroma /usr/local/etc/rc.d
sysrc pleroma_enable=YES
/usr/local/etc/rc.d/pleroma start

4. Enable reverse proxy for Pleroma service

The reverse proxy, an H2O server running in another jail (192.168.Y.Y), has the following configuration entry for Pleroma:

  "toot.uoga.net:80":
    listen:
      host: 192.168.Y.Y
      port: 80
    paths:
      "/":
        redirect:
          status: 301
          url: "https://toot.uoga.net/"
      "/.well-known/acme-challenge":
        file.dir: "/usr/local/www/dehydrated"

  "toot.uoga.net:443":
    listen:
      host: 192.168.Y.Y
      port: 443
      ssl:
        certificate-file: /usr/local/etc/dehydrated/certs/toot.uoga.net/fullchain.pem
        key-file: /usr/local/etc/dehydrated/certs/toot.uoga.net/privkey.pem
    paths:
      "/":
        file.send-compressed: ON  # Performance: minify and pre-compress css
        proxy.reverse.url: http://192.168.X.X:4000/
        proxy.websocket: ON
        proxy.preserve-host: ON

The same jail also has the dehydrated package, so I simply add toot.uoga.net to /usr/local/etc/dehydrated/domains.txt and rerun dehydrated -c to install a Let's Encrypt certificate for the Pleroma service.